The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB).
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:46
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc - | |
References | () http://secunia.com/advisories/32112 - Vendor Advisory | |
References | () http://secunia.com/advisories/32116 - | |
References | () http://secunia.com/advisories/32117 - Vendor Advisory | |
References | () http://secunia.com/advisories/32133 - | |
References | () http://secunia.com/advisories/32406 - | |
References | () http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc - Vendor Advisory | |
References | () http://securitytracker.com/id?1020968 - | |
References | () http://support.apple.com/kb/HT3467 - | |
References | () http://www.kb.cert.org/vuls/id/472363 - US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/MAPG-7H2RY7 - US Government Resource | |
References | () http://www.kb.cert.org/vuls/id/MAPG-7H2S68 - US Government Resource | |
References | () http://www.openbsd.org/errata42.html#015_ndp - | |
References | () http://www.openbsd.org/errata43.html#006_ndp - | |
References | () http://www.securityfocus.com/bid/31529 - | |
References | () http://www.securitytracker.com/id?1021109 - | |
References | () http://www.securitytracker.com/id?1021132 - | |
References | () http://www.vupen.com/english/advisories/2008/2750 - | |
References | () http://www.vupen.com/english/advisories/2008/2751 - | |
References | () http://www.vupen.com/english/advisories/2008/2752 - | |
References | () http://www.vupen.com/english/advisories/2009/0633 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/45601 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670 - | |
References | () https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view - |
Information
Published : 2008-10-03 15:07
Updated : 2024-11-21 00:46
NVD link : CVE-2008-2476
Mitre link : CVE-2008-2476
CVE.ORG link : CVE-2008-2476
JSON object : View
Products Affected
netbsd
- netbsd
openbsd
- openbsd
windriver
- vxworks
juniper
- jnos
force10
- ftos
freebsd
- freebsd
CWE
CWE-20
Improper Input Validation